path: root/ext
Commit message (Author, Age, Files, Lines)
* Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8 [PHP-7.4] (Christoph M. Becker, 2021-03-24, 1 file, -1/+1)
| A string passed to `php_libxml_xmlCheckUTF8()` may be longer than 1<<31-1 bytes, so we're better using a `size_t`.
| Closes GH-6802.
* Properly initialize PS(mod) on RINIT (Christoph M. Becker, 2021-03-23, 1 file, -1/+2)
| We need to do that in case a user handler has been set. However, we can't do that in `php_rinit_session_globals()` since that function is called by PHP function `session_destroy()` too, but in that case we don't want to reset PS(mod).
| Closes GH-6795.
* Fix #80889: amendment (Christoph M. Becker, 2021-03-22, 2 files, -16/+50)
| `session_set_save_handler()` may be called with callables instead of an object; we need to cater to that as well. We also extract a set_user_save_handler_ini() function to avoid code duplication.
| Closes GH-6796.
* Use ServerClientTestCase in a test for default_socket_timeout=-1 (Jakub Zelenka, 2021-03-21, 1 file, -5/+42)
|
* Fix #80889: Cannot set save handler when save_handler is invalid (Christoph M. Becker, 2021-03-19, 2 files, -1/+38)
| There is no need to require a (valid) save_handler to be set when a user handler is supposed to be set. We just have to make sure that no user handler is already set in this case.
| Closes GH-6788.
* Fix #80783: PDO ODBC truncates BLOB records at every 256th byte (Christoph M. Becker, 2021-03-18, 3 files, -2/+77)
| It is not guaranteed that the driver inserts only a single NUL byte at the end of the buffer. Apparently, there is no way to find out the actual data length in the buffer after calling `SQLGetData()`, so we adjust after the next `SQLGetData()` call.
| We also prevent PDO::ODBC_ATTR_ASSUME_UTF8 from fetching garbage, by fetching all chunks with the same C type.
| Closes GH-6716.
* Fix locale switch back to C in pcre (Nikita Popov, 2021-03-18, 2 files, -1/+19)
| The compile context is shared between patterns, so we need to set the character tables unconditionally in case we switched from a non-C locale to the C locale.
* Fix #66783: UAF when appending DOMDocument to element (Christoph M. Becker, 2021-03-17, 2 files, -3/+26)
| According to the DOM standard, elements may only contain element, text, processing instruction and comment nodes[1]. It is also specified that a HierarchyRequestError should be thrown if a document is to be inserted[2]. We follow that standard, and prevent the use-after-free this way.
| [1] <https://dom.spec.whatwg.org/#node-trees>
| [2] <https://dom.spec.whatwg.org/#mutation-algorithms>
| Closes GH-6765.
* Fix #80817: dba_popen() may cause segfault during RSHUTDOWN (Christoph M. Becker, 2021-03-15, 1 file, -2/+2)
| We need to close persistent streams with the proper flag.
* Fix bug #80866 (Dharman, 2021-03-15, 2 files, -0/+16)
| Closes GH-6774.
* Fix bug #80837 (Dharman, 2021-03-15, 2 files, -1/+39)
| The error needs to be reported on the statement, not the connection.
* Downgrade security level in tests using TLS < 1.2 (Nikita Popov, 2021-03-15, 5 files, -4/+14)
| A few additional tests have been added on master that require lower security level.
| (cherry picked from commit c2a6395dcbab20549702e56006f7cd389cefebcd)
* Fix #51903: simplexml_load_file() doesn't use HTTP headers (Christoph M. Becker, 2021-03-08, 2 files, -0/+86)
| The `encoding` attribute of the XML declaration is optional; it is good practice to use external encoding information where available if it is missing. Thus, we check for `charset` info of `Content-Type` headers, and see whether the encoding is supported. We cater to trailing parameters and quoted-strings, but not to escaped backslashes and quotes in quoted-strings, since no known character encoding contains these anyway.
| Co-authored-by: Michael Wallner <mike@php.net>
| Closes GH-6747.
* Fix #80838: HTTP wrapper waits for HTTP 1 response after HTTP 101 (manuel, 2021-03-08, 2 files, -1/+42)
| Don't wait for further responses after an HTTP 101 (Switching Protocols) response.
| Closes GH-6730.
* Print error code if CreateMutex() fails (Christoph M. Becker, 2021-03-05, 1 file, -1/+1)
| This issue came up recently in a bug report[1]; without the error code, users can barely guess why the function failed.
| [1] <https://bugs.php.net/80812>
| Closes GH-6745.
* Fix #78719: http wrapper silently ignores long Location headers (Christoph M. Becker, 2021-03-03, 2 files, -13/+31)
| When opening HTTP streams, and reading the headers, we currently discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes). While this is not generally forbidden by RFC 7230, section 3.2.5, it is not generally allowed either, since that may change the "message framing or response semantics". We thus fix this by allowing arbitrarily long header lines.
| Closes GH-6720.
* Fix #80751: Comma in recipient name breaks email delivery (Christoph M. Becker, 2021-03-01, 1 file, -0/+93)
| So far, `SendText()` simply separates potential email address lists at any comma, disregarding that commas inside a quoted-string do not delimit addresses. We fix that by introducing our own variant of `strtok_r()` which caters to quoted-strings. We also make `FormatEmailAddress()` aware of quoted strings.
| We do not cater to email address comments, and potentially other quirks of RFC 5322 email addresses, but catering to quoted-strings is supposed to solve almost all practical use cases.
| Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
| Closes GH-6735.
* Fixed bug #80805 (Nikita Popov, 2021-03-01, 2 files, -4/+33)
| Handle missing result_var in binary_op_result_type.
| (cherry picked from commit 8446e2827585c37d0739f8d44fa8d359cbbb6551)
* Fix memleak on ReflectionFunction and ReflectionGenerator classes when calling __construct after instantiation (Felipe Pena, 2021-02-25, 1 file, -0/+9)
* skip test with openssl < 1.1.0 (Remi Collet, 2021-02-25, 1 file, -1/+2)
| The test fails, but without any crash (this test is designed to catch a crash)
* mysqlnd pam fix test error message (Daniel Black, 2021-02-25, 1 file, -2/+2)
| Closes GH-6727.
* Fix potential file collision in dom tests (Nikita Popov, 2021-02-24, 2 files, -2/+2)
|
* Fix #75776: Flushing streams with compression filter is broken (Christoph M. Becker, 2021-02-22, 3 files, -3/+66)
| First, the `bzip2.compress` filter has the same issue as `zlib.deflate` so we port the respective fix[1] to ext/bz2.
| Second, there is still an issue, if a stream with an attached compression filter is flushed before it is closed, without any writes in between. In that case, the compression is never finalized. We fix this by enforcing a `_php_stream_flush()` with the `closing` flag set in `_php_stream_free()`, whenever a write filter is attached. This call is superfluous for most write filters, but does not hurt, even when it is unnecessary.
| [1] <http://git.php.net/?p=php-src.git;a=commit;h=20e75329f2adb11dd231852c061926d0e4080929>
| Closes GH-6703.
* Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI (Christoph M. Becker, 2021-02-22, 2 files, -1/+17)
| There is no good reason not to show the credits in text based SAPIs, except for brevity. Thus, we suppress the credits from `php -i`.
| Closes GH-6710.
* Fix #80774: session_name() problem with backslash (Christoph M. Becker, 2021-02-22, 3 files, -9/+30)
| Since we no longer URL decode cookie names[1], we must not URL encode the session name. We need to prevent broken Set-Cookie headers, by rejecting names which contain invalid characters.
| [1] <http://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0>
| Closes GH-6711.
* Fix #80763: msgfmt_format() does not accept DateTime references (Christoph M. Becker, 2021-02-17, 2 files, -0/+20)
| `intl_zval_to_millis()` needs to cater to references.
| Closes GH-6707.
* Handle incomplete result set metadata more gracefully (Nikita Popov, 2021-02-16, 1 file, -2/+3)
| Rather than segfaulting because sname is missing later on, report a FAIL here. As this indicates a server bug, the error is reported as an out of band warning, rather than a client error.
| This fixes the PHP side of bug #80713.
* Suppress OpenSSL error on missing optional config (Nikita Popov, 2021-02-16, 2 files, -27/+29)
| openssl_pkey_new() fetches various options from the config file -- most of these are optional, and not specifying them is not an error condition from the perspective of the user. Unfortunately, the CONF_get_string() API pushes an error when accessing a key that doesn't exist (_CONF_get_string does not, but that is presumably a private API). This commit adds a helper php_openssl_conf_get_string() that automatically clears the error in this case.
| I've found that OpenSSL occasionally does the same thing internally: https://github.com/openssl/openssl/blob/22040fb790c854cefb04bed98ed38ea6357daf83/apps/req.c#L515-L517
| Closes GH-6699.
* Fixed bug #80747 (Nikita Popov, 2021-02-15, 2 files, -0/+21)
| If RSA key generation fails, actually report that failure.
* Fix #78680: mysqlnd pam plugin missing terminating null (Daniel Black, 2021-02-15, 2 files, -7/+51)
| The PAM service requires the terminating null to be part of the communication. Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat). Also changed MySQL Enterprise test to the server side plugin, authentication_pam as opposed to the client plugin mysql_clear_password. Add additional check for pamtest user and pam service file as all are required for the test. More importantly, test result should actually succeed. Thanks Geoff Montee for bug report.
| Closes GH-78680.
* Fix leak when breaking out of FilesystemIterator (Nikita Popov, 2021-02-15, 2 files, -19/+15)
| We need to always destroy current, not just when iter.data is not set. Take this opportunity to clean up the iterator destructor code a bit, to remove redundant checks and incorrect comments.
* Fixed bug #80719 (Nikita Popov, 2021-02-11, 4 files, -8/+23)
|
* Fix locale dependent parsing of PostgreSQL version number (Christoph M. Becker, 2021-02-08, 1 file, -6/+9)
| Version numbers are not supposed to be localized, so we must not apply locale dependent parsing with `atof()`. Using `php_version_compare()` might even be better.
| Closes GH-6668.
* Fix #80706: mail(): Headers after Bcc headers may be ignored (Christoph M. Becker, 2021-02-08, 1 file, -0/+76)
| We need to handle the case where a CRLF after a Bcc header is not the beginning of a folding marker, because in that case the Bcc header was not the last "thing".
| Closes GH-6666.
* Use ST_Y() instead of the deprecated/removed Y() in test (Christoph M. Becker, 2021-02-05, 1 file, -2/+2)
|
* Fix #74779: x() and y() truncating floats to integers (Christoph M. Becker, 2021-02-05, 2 files, -1/+43)
| We must not use the locale dependent `atof()`, but instead use the (hopefully) locale independent `zend_strtod()`, when converting string representations of floating point numbers which are sent by the server.
| Closes GH-6665.
* Try SIGTERM before SIGKILL in opcache restart (Nikita Popov, 2021-02-04, 1 file, -2/+5)
| SIGTERM is subject to HANDLE_BLOCK_INTERRUPTIONS(), which will allow code to exit critical sections before it gets terminated.
| Closes GH-6493.
* Fix #53467: Phar cannot compress large archives (Christoph M. Becker, 2021-02-03, 1 file, -17/+41)
| When Phars are flushed, a new temporary file is created for each entry which should be compressed, and the `compressed_filesize` is retrieved. Afterwards, the Phar manifest is written, and only after that the files are copied to the actual Phar. So for each such entry there is an open temp file, which easily exceeds the limit.
| Therefore, we use a single temporary file for all entries, and store the start offset in the otherwise unused `header_offset` member. We ensure that the `cfp` members are properly set to NULL even if flushing fails, to avoid use after free scenarios.
| This solution is based on a suggestion by @lserni[1].
| Closes GH-6643.
| [1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>
* Update year to 2021 (Peter Kokot, 2021-02-02, 2 files, -2/+2)
| Closes GH-6636.
* Add missing derefs in CurlFile (Nikita Popov, 2021-02-02, 1 file, -0/+3)
| As pointed out on GH-6456.
* Fix persistent leak on load_wsdl_ex failure (Nikita Popov, 2021-02-02, 1 file, -2/+1)
| Move the load_wsdl_ex call into the zend_try that destroys the docs hash table. The wsdl will be inserted into docs early on, and will thus be released on subsequent bailout.
* Fix #80654: file_get_contents() maxlen fails above (2**31)-1 bytes (Christoph M. Becker, 2021-02-01, 2 files, -8/+0)
| We remove the arbitrary restriction to `INT_MAX`; it is superfluous on 32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful on 64bit systems, where larger files should be readable, if the `memory_limit` is large enough.
| Closes GH-6648.
* Fix build (Nikita Popov, 2021-02-01, 1 file, -1/+1)
|
* Merge branch 'PHP-7.3' into PHP-7.4 (Stanislav Malyshev, 2021-01-31, 4 files, -14/+37)
|\
| |   * PHP-7.3: Fix bug #80672 - Null Dereference in SoapClient
| * Fix bug #80672 - Null Dereference in SoapClient (Stanislav Malyshev, 2021-01-31, 4 files, -14/+37)
| |
* | Fix #80682 opcache doesn't honour pcre.jit option (Remi Collet, 2021-01-28, 1 file, -4/+6)
| |
* | Merge branch 'PHP-7.3' into PHP-7.4 (Stanislav Malyshev, 2021-01-27, 1 file, -16/+0)
|\ \
| |/
| |   * PHP-7.3: Rm unneeded function
| * Rm unneeded function (Stanislav Malyshev, 2021-01-27, 1 file, -16/+0)
| |
* | Merge branch 'PHP-7.3' into PHP-7.4 (Stanislav Malyshev, 2021-01-26, 8 files, -28/+38)
|\ \
| |/
| |   * PHP-7.3: Alternative fix for bug 77423
| * Alternative fix for bug 77423 (Christoph M. Becker, 2021-01-26, 8 files, -28/+38)
| | That bug report originally was about `parse_url()` misbehaving, but the security aspect was actually only regarding `FILTER_VALIDATE_URL`. Since the changes to `parse_url_ex()` apparently affect userland code which is relying on the sloppy URL parsing[1], this alternative restores the old parsing behavior, but ensures that the userinfo is checked for correctness for `FILTER_VALIDATE_URL`.
| | [1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>